REMARKS

The Applicants and the undersigned thank Examiner Jackson for her careful 
review of this application. Claims 1, 2, 5, and 7-25 have been rejected. Upon entry of 
this amendment, Claim 5 has been cancelled and Claims 1-4 and 6-25 are pending in this
application. 

The independent claims are Claims 1, 3, 6, 12, 13, 16, 19, 21, and 25.
Consideration of the present application is respectfully requested in light of the above 
amendments to the application and in view of the following remarks. 

Allowed Dependent Claims 3 and 6 Re-Written in Independent Form

The Applicants appreciate the indication of allowable subject matter in previous 
dependent Claims 3-4 and 6. The Applicants have rewritten dependent Claim 3 and
Claim 6 as independent claims such that they have all of the limitations of their previous
independent claims. It is believed that Claims 3, 4 (by its dependency on Claim 3), and 6
are allowable over the prior art. Consideration and an indication from the Examiner that
these claims are allowable over the prior art are respectfully requested.

Claim Rejections under 35 U.S.C. § 102

The Examiner rejected Claims 1-2, 5, and 7-25 under 35 U.S.C. § 102(e) as being
anticipated by U.S. Patent No. 6,510,523 to Perlman (hereinafter the "Perlman"
reference). The Applicants respectfully offer remarks to traverse these pending rejections.

Independent Claim 1 

The rejection of Claim 1 is respectfully traversed. It is respectfully submitted that
the Perlman reference fails to describe, teach, or suggest the combination of (1)
completing a vulnerability assessment comprising (2) a scan of the workstation to
identify at least one of (a) security vulnerabilities that would compromise the secure
operation of the workstation on the computer network and (b) evidence of a compromise;
(3) generating workstation security credentials based on the vulnerability assessment, (4)
the workstation security credentials comprising one of integrity information describing
whether the workstation has been compromised, and security posture information
describing the workstation's potential for compromise; (5) comparing the workstation
security credentials to a workstation security policy to determine whether the workstation
should be granted access to the network service; and (6) authorizing access to the
network service by the workstation if the workstation security credentials satisfy the
workstation security policy, otherwise denying access to the network service by the
workstation, as recited in amended Claim 1.

The Perlman Reference

The Perlman reference describes a limited security system 100 for restricting user
access privileges through an untrusted terminal 110 connected to a network. Limited
security system 100 includes an untrusted terminal 110, credentials server 120, a Remote
Terminal "A" 130, and a Remote Terminal "B" 140 connected by network 150. See
Figure 1 of the Perlman reference illustrated below. See Column 4, lines 10-17 of the
Perlman reference.

[FIG. 1 of the Perlman reference]

Untrusted terminal 110 is a device capable of communicating with network 150
(e.g., via a modem or other communications device). Untrusted terminal 110 may have
Internet access capabilities to communicate with remote terminals worldwide. Thus, if a
user is vacationing in Australia, for example, they would be able to connect with their
company server in Spokane, Washington via untrusted terminal 110. In addition,
untrusted terminal 110 may include software that allows the user to locate and access
information at remote terminals connected to network 150. One type of software
suitable for this purpose is a web browser, such as Netscape Navigator, which enables
untrusted terminal 110 to connect to a server having a unique uniform resource locator
(URL).

The Perlman reference describes the credentials server 120 as a device (e.g., a
server) connected to network 150 that is capable of generating credentials (e.g., a private
key and a public key certificate) trusted by one or more remote terminals. Credentials
server 120 issues credentials to a user to permit privileged operations. These credentials
typically include public key certificates. However, credentials server 120 can issue
various kinds of credentials depending on the requests from untrusted terminal 110. See
Column 4, lines 38-46 of the Perlman reference.

Remote Terminal A 130 and Remote Terminal B 140 are computers connected to
network 150 that can send data to and receive data from untrusted terminal 110. One
remote terminal can be the user's company server and the other can be the server of a
financial institution. Each terminal is capable of performing privileged operations, such
as providing remote access to files and other data that is stored in the terminals 130 and
140. See Column 4, lines 53-53 of the Perlman reference.

As part of establishing the secure communications channel between the untrusted
terminal 110 and the remote terminals 130, 140, the credentials server 120 must identify
the untrusted terminal 110 as "untrusted." The Perlman reference explains that this
identification can be established using a variety of mechanisms. For example, the
credentials server 120 may identify a terminal 110 as trusted or untrusted based on the
network address of the terminal 110. See Perlman reference, column 5, lines

In addition, a firewall connected to the credentials server 120 may insert a flag
into a data packet of a request to establish a secure communications channel indicating
that the terminal 110 generating the request should not be trusted (i.e., because the
request originated outside of the credentials server network). Alternatively, a terminal
110 may prove that it is trusted by demonstrating knowledge of a secret or a private key
whose public key has been certified as belonging to a trusted workstation. Moreover, if a
terminal 110 simply cannot prove it should be trusted, the credential server 120 can 
identify the terminal 110 as untrusted when establishing the secure communication 
channel. See Perlman reference, column 5, lines 'J-20. 

The Perlman Vulnerability Assessment (i) does not include a scan that can find evidence
of a compromise and (ii) the Assessment is not connected to allowing the workstation to
access the secure network

The Examiner states in paragraph number 3 of the Final Office Action mailed on 
January 14, 2005 that it is inherent that the Perlman reference completes a vulnerability
assessment of the workstation. The Examiner believes that the Perlman reference 
completes a vulnerability assessment because Perlman discloses that the credential server 
generates credentials and issues these credentials to perform privileged operations on the 
remote terminal. 

These alleged facts made by the Examiner do not reasonably support that the
Perlman reference inherently (a) performs a vulnerability assessment comprising a scan
of the workstation to identify at least one of security vulnerabilities that would
compromise the secure operation of the workstation on the computer network and
evidence of a compromise; (b) compares the workstation security credentials to a
workstation security policy to determine whether the workstation should be granted
access to the network service; and (c) authorizes access to the network service by the
workstation if the workstation security credentials satisfy the workstation security policy.

The Examiner has provided no basis in fact or technical reasoning to reasonably
support that the Perlman reference provides a vulnerability assessment that is identical to
that of the Applicants' as claimed and that the vulnerability assessment is used to
generate workstation security credentials that are used to determine whether a
workstation should be granted access to the network. The Applicants remind the
Examiner that MPEP § 2112, subsection IV, second paragraph states the following:

"In relying upon the theory of inherency, the examiner
must provide a basis in fact and/or technical reasoning to
reasonably support the determination that the allegedly
inherent characteristic necessarily flows from the teachings
of the applied prior art." Ex parte Levy, 17 USPQ2d 1461,
1464 (Bd. Pat. App. & Inter. 1990).

The Examiner alleges that the production of "credentials" alone in the Perlman
reference means that it is inherent that the Perlman reference completes a vulnerability
assessment that is identical to Applicants' claimed technology. However, the Applicants
respectfully disagree. The Perlman reference is only concerned with whether it can identify a
terminal based on the identity of the user or based on whether a terminal knows a secret
or a private key. See the Perlman reference, column 4, lines 42-46. If the Perlman
reference cannot identify a remote terminal, it simply characterizes the remote terminal as
"untrusted" and the Perlman reference then limits the amount of access that the
"untrusted" terminal can have to the computer network.

Meanwhile, the Applicants' invention as recited in amended independent Claim 1 
performs a vulnerability assessment comprising a scan of the workstation to identify at 
least one of security vulnerabilities that would compromise the secure operation of the 
workstation on the computer network and evidence of a compromise. The Applicants
submit that the Perlman reference does not provide any teaching of such a vulnerability
assessment with this level of detail as now recited in amended independent Claim 1.

The Applicants also submit that its claimed vulnerability assessment is connected
with the security credentials that are produced. They are connected meaning that the
security credentials are produced based upon the completion of the vulnerability
assessment. Because the Perlman reference does not conduct a vulnerability assessment,
its credentials are not connected or related to any vulnerability assessment.

In light of the differences between Claim 1 and the Perlman reference, one of
ordinary skill in the art recognizes that this prior art reference, alone or in combination,
cannot anticipate or render obvious the recitations as set forth in amended independent
Claim 1. Accordingly, reconsideration and withdrawal of the rejection of Claim 1 are
respectfully requested.

Independent Claim 12

The rejection of Claim 12 is respectfully traversed. It is respectfully submitted
that the Perlman reference fails to describe, teach, or suggest the combination of (1) a
local workstation assessment service, operative on the workstation, for (2) generating
workstation security credentials by (3) completing a vulnerability assessment of the
workstation comprising a scan to identify at least one of (i) security vulnerabilities that
would compromise the secure operation of the workstation on the computer network and
(ii) evidence of a compromise, (4) the workstation security credentials comprising (a) one
of integrity information describing whether the workstation has been compromised, and
(b) security posture information describing the workstation's potential for compromise;
and (5) a workstation security policy, operative on the workstation, for defining security
policy requirements for secure operations by the workstation; (6) the local workstation
assessment service further operative for comparing the workstation security credentials to
the workstation security policy to determine whether the workstation should be granted
access to the network service, (7) the local workstation assessment service further
operative to authorize access to the network service by the workstation if the workstation
security credentials satisfy the workstation security policy, as recited in amended Claim
12.

As noted above with respect to independent Claim 1, the Perlman reference does
not provide a teaching of vulnerability assessment of the workstation comprising a scan 
to identify at least one of (i) security vulnerabilities that would compromise the secure 
operation of the workstation on the computer network and (ii) evidence of a compromise. 

In light of the differences between Claim 12 and the Perlman reference, one of
ordinary skill in the art recognizes that the Perlman reference, alone or in combination,
cannot anticipate or render obvious the recitations set forth in amended independent
Claim 12. Accordingly, reconsideration and withdrawal of this rejection are respectfully
requested.

Independent Claim 13

The rejection of Claim 13 is respectfully traversed. It is respectfully submitted
that the Perlman reference fails to describe, teach, or suggest the combination of (1) a
local workstation assessment service, operative on the workstation, (2) for generating
workstation security credentials by (3) completing a vulnerability assessment comprising
(4) a scan of the workstation to identify at least one of (5) security vulnerabilities that
would compromise the secure operation of the workstation on the computer network and
(6) evidence of a compromise, the workstation security credentials comprising one of (7)
integrity information describing whether the workstation has been compromised, and (8)
security posture information describing the workstation's potential for compromise; and
(9) a network service, operative on the network server, for (10) determining whether the
workstation should be granted access to a software service of the network service in
response to receiving the workstation security credentials via the computer network, as
recited in amended Claim 13.

As noted above with respect to independent Claim 1, the Perlman reference does
not provide a teaching of vulnerability assessment of the workstation comprising a scan
to identify at least one of (i) security vulnerabilities that would compromise the secure
operation of the workstation on the computer network and (ii) evidence of a compromise.

In light of the differences between Claim 13 and the Perlman reference, one of
ordinary skill in the art recognizes that the Perlman reference, alone or in combination,
cannot anticipate or render obvious the recitations as set forth in amended independent 
Claim 13. Accordingly, reconsideration and withdrawal of this rejection are respectfully 
requested. 

Independent Claim 16 

The rejection of Claim 16 is respectfully traversed. It is respectfully submitted
that the Perlman reference fails to describe, teach, or suggest the combination of a (1)
network service operative to generate workstation security credentials by (2) completing
a vulnerability assessment comprising a (3) scan of the workstation to identify at least
one of (4) security vulnerabilities that would compromise the secure operation of the
workstation on the computer network and (5) evidence of a compromise, the workstation
security credentials comprising (6) one of integrity information describing whether the
workstation has been compromised, and (7) security posture information describing the
workstation's potential for compromise; (8) the network service further operative to
determine whether the workstation should be granted access to a software service of the
network based on the workstation security credentials, as recited in amended Claim 16.

As noted above with respect to independent Claim 1, the Perlman reference does
not provide a teaching of vulnerability assessment of the workstation comprising a scan
to identify at least one of (i) security vulnerabilities that would compromise the secure
operation of the workstation on the computer network and (ii) evidence of a compromise.

In light of the differences between Claim 16 and the Perlman reference, one of
ordinary skill in the art recognizes that the Perlman reference, alone or in combination,
cannot anticipate or render obvious the recitations as set forth in amended independent
Claim 16. Accordingly, reconsideration and withdrawal of this rejection are respectfully
requested.

Independent Claim 

The rejection of Claim 19 is respectfully traversed. It is respectfully submitted
that the Perlman reference fails to describe, teach, or suggest the combination of (1)
issuing a request for a log-in page to a network server from a browser operating on the
workstation; (2) transmitting the log-in page and an authentication plug-in from the
network server to the workstation via the computer network, the authentication plug-in
installable within the browser and operative to generate workstation security credentials
by (3) completing a vulnerability assessment comprising a (4) scan of the workstation to
identify at least one of (5) security vulnerabilities that would compromise the secure
operation of the workstation on the computer network and (6) evidence of a compromise,
(7) the workstation security credentials comprising one of integrity information
describing whether the workstation has been compromised, and security posture
information describing the workstation's potential for compromise; (8) transmitting the
workstation security credentials from the authentication plug-in to the network server via
the computer network; and (9) determining at a CGI script operating on the network
server whether the workstation should be granted access to a software service of the
network based on the workstation security credentials, as recited in amended Claim 19.

As noted above with respect to independent Claim 1, the Perlman reference does
not provide a teaching of vulnerability assessment of the workstation comprising a scan
to identify at least one of (i) security vulnerabilities that would compromise the secure
operation of the workstation on the computer network and (ii) evidence of a compromise.

In light of the differences between Claim 19 and the Perlman reference, one of
ordinary skill in the art recognizes that the Perlman reference, alone or in combination,
cannot anticipate or render obvious the recitations as set forth in amended independent
Claim 19. Accordingly, reconsideration and withdrawal of this rejection are respectfully
requested.

Independent Claim 21 

The rejection of Claim 21 is respectfully traversed. It is respectfully submitted
that the Perlman reference fails to describe, teach, or suggest the combination of a (1)
network assessment service operating on a network workstation assessment server on the
computer network, the network assessment service operative to (2) generate workstation
security credentials prior to receiving user credentials by (3) completing a vulnerability
assessment comprising a (4) scan of the workstation via the computer network to identify
at least one of (5) security vulnerabilities that would compromise the secure operation of
the workstation on the computer network and (6) evidence of a compromise, (7) the
workstation security credentials comprising one of integrity information describing
whether the workstation has been compromised, and security posture information
describing the workstation's potential for compromise, (8) the network service,
responsive to receiving the workstation security credentials from the network assessment
service via the computer, operative to determine whether (9) the workstation should be
granted access to a software service of the network based on the workstation security
credentials and the user credentials, as recited in amended Claim 21.

As noted above with respect to independent Claim 1, the Perlman reference does
not provide a teaching of vulnerability assessment of the workstation comprising a scan
to identify at least one of (i) security vulnerabilities that would compromise the secure
operation of the workstation on the computer network and (ii) evidence of a compromise.

In light of the differences between Claim 21 and the Perlman reference mentioned
above, one of ordinary skill in the art recognizes that the Perlman reference, alone or in
combination, cannot anticipate or render obvious the recitations as set forth in amended
independent Claim 21. Accordingly, reconsideration and withdrawal of this rejection are
respectfully requested.

Independent Claim 25

The rejection of Claim 25 is respectfully traversed. It is respectfully submitted
that the Perlman reference fails to describe, teach, or suggest the combination of (1)
issuing a request for a log-in page to a network server from a browser operating on the
workstation; (2) transmitting the log-in page, (3) an authentication plug-in, and a (4)
workstation policy from the network server to the workstation via the computer network,
(5) the authentication plug-in installable within the browser and operative to generate
workstation security credentials by (6) completing a vulnerability assessment comprising
(7) a scan of the workstation to identify at least one of security vulnerabilities that would
compromise the secure operation of the workstation on the computer network and (8)
evidence of a compromise, (9) the workstation security credentials comprising one of
integrity information describing whether the workstation has been compromised, and
security posture information describing the workstation's potential for compromise; (10)
comparing the workstation security credentials to the workstation policy on the
workstation to determine whether the workstation should be granted access to a software
service of the network; and (11) receiving user credentials if the workstation is granted
access to the software service of the network, as recited in amended Claim 25.

As noted above with respect to independent Claim 1, the Perlman reference does
not provide a teaching of vulnerability assessment of the workstation comprising a scan
to identify at least one of (i) security vulnerabilities that would compromise the secure
operation of the workstation on the computer network and (ii) evidence of a compromise.

In light of the differences between Claim 25 and the Perlman reference mentioned
above, one of ordinary skill in the art recognizes that the Perlman reference, alone or in
combination, cannot anticipate or render obvious the recitations as set forth in amended
independent Claim 25. Accordingly, reconsideration and withdrawal of this rejection are
respectfully requested.

Dependent Claims 2, 4, 7-11, 14-15, 17-18, 20, and 22-24

The Applicants respectfully submit that the above-identified dependent claims are
allowable because the independent claims from which they depend are patentable over 
the cited references. 

The Applicants also respectfully submit that the recitations of dependent Claims
2, 4, 7-11, 14-15, 17-18, 20, and 22-24 are of patentable significance. Accordingly,
reconsideration and withdrawal of the rejections of the dependent claims are respectfully
requested.

CONCLUSION

The foregoing is submitted as a full and complete response to the Office Action
mailed on January 14, 2005. The Applicants and the undersigned thank Examiner
Jackson for the consideration of these remarks. The Applicants have submitted remarks
to traverse the rejections of Claims 1-25. The Applicants respectfully submit that the
present application is in condition for allowance. Such action is hereby courteously
solicited.

If any issues remain that may be resolved by telephone, the Examiner is requested
to call the undersigned at 404.572.2884.

Respectfully submitted, 

igmoro 
Reg. No. 40,447

King & Spalding LLP 
45th Floor
191 Peachtree Street, N.E.
Atlanta, Georgia 30303
404.572.4600 

K&S Docket: 05456-105004